Threat Intelligence

What

Threat intelligence involves analyzing data and information to generate meaningful patterns on how to mitigate or act against potential risks associated with existing or emerging threats targeting entities.

Threat intelligence refers to the process of collecting, analyzing, and understanding information about potential cybersecurity threats. This information is gathered from various sources, such as security incidents, network traffic, malware analysis, and open-source intelligence. The goal of threat intelligence is to identify and assess potential risks to an organization's systems, networks, and data, allowing them to proactively defend against cyberattacks and security breaches. It helps organizations stay ahead of evolving threats by providing insights into the tactics, techniques, and procedures used by threat actors, enabling them to implement effective security measures and countermeasures.

Threat Intelligence, more or less, refers to the following questions:

Who is attacking you?
What is thier motivation?
What are their capabilities?
What IoC (Indicators of Compromise) and Artifacts should one look out for?

Classifications

Threat intelligence significantly relies on understanding the relationship between the operational environment and adversaries. Threat intelligence can be classified as follows:

Strategic Intel: --High Level--Threat Mapping--Strategic Modeling-- High-level intelligence examines a company's threat landscape and identifies risky areas using trends, patterns, and new threats that could affect business choices.
Technical Intel: --Based on Evidence--Technical Evidence-- This includes proof and traces of attacks. For example, it sets a starting point for analyzing the potential targets of attacks and creating ways to defend against them.
Tactical Intel: --TTPs--Security Controls-- Check out how attackers operate, their methods, and what they do step by step. This helps make security measures stronger and fix weaknesses by investigating things as they happen.
Operational Intel: --Operational Motives--Identify Assets-- Examining why the attacker wants to launch an attack and what they aim to achieve. Also, understanding which assets are most important.

PreviousWhy Threat Model?NextTool Dump

Last updated 1 year ago

What

Threat intelligence refers to the process of collecting, analyzing, and understanding information about potential cybersecurity threats. This information is gathered from various sources, such as security incidents, network traffic, malware analysis, and open-source intelligence. The goal of threat intelligence is to identify and assess potential risks to an organization's systems, networks, and data, allowing them to proactively defend against cyberattacks and security breaches. It helps organizations stay ahead of evolving threats by providing insights into the tactics, techniques, and procedures used by threat actors, enabling them to implement effective security measures and countermeasures.

Threat Intelligence, more or less, refers to the following questions:

Who is attacking you?

What is thier motivation?

What are their capabilities?

What IoC (Indicators of Compromise) and Artifacts should one look out for?

Classifications

Threat intelligence significantly relies on understanding the relationship between the operational environment and adversaries. Threat intelligence can be classified as follows:

Strategic Intel: --High Level--Threat Mapping--Strategic Modeling-- High-level intelligence examines a company's threat landscape and identifies risky areas using trends, patterns, and new threats that could affect business choices.

Technical Intel: --Based on Evidence--Technical Evidence-- This includes proof and traces of attacks. For example, it sets a starting point for analyzing the potential targets of attacks and creating ways to defend against them.

Tactical Intel: --TTPs--Security Controls-- Check out how attackers operate, their methods, and what they do step by step. This helps make security measures stronger and fix weaknesses by investigating things as they happen.

Operational Intel: --Operational Motives--Identify Assets-- Examining why the attacker wants to launch an attack and what they aim to achieve. Also, understanding which assets are most important.